Custom Authorize Filter

We've all used the [Authorize] attribute in ASP.NET MVC applications. To limit access to a particular action to users of two roles, you'd use something like [Authorize(Roles="Admin,Moderator")] on the action.

There's always a chance that we mistype the role names. So let's refactor the roles into constants: